The vulnerabilities could allow remote code execution if a user visits a malicious, specially crafted Web page using IE. Users who run without administrative rights are more secure in general and should be less impacted than other users; you can read more about this security principle in many places. This security update is rated Critical for IE6, 7, 8, and 9 on Windows clients; for more information about the ratings and the vulnerabilities, please see the full bulletin.

Most customers have enabled automatic updating and do not need to take any action. We recommend that customers who have not enabled automatic updating enable it (Start Menu, type “Windows Update”). We recommend that administrators, enterprise installations, and end users who want to install this security update manually apply the update immediately using update management software or by checking for updates using the Microsoft Update service.

Changes to “About Internet Explorer” in IE9

With this update, IE9’s About box shows that the version is now 9.0.1.

Every Microsoft update has an associated article (e.g. KB2530548) with technical details about fixes included in the release. These updates are “cumulative,” so the latest update represents all the fixes to date. As we update IE9, we will include a link to that article for the release. We will also update the version number of IE to reflect these changes. The major and minor version numbers remain 9.0; today we increment the update revision to 1. Note that there is no change to the User-Agent string or other platform versioning information.